—

MAL-2026-6245

Malicious code in request-cache-py (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (d027c4b6379310432f96b48dc78c73ddf1346052c5ab16ea6ed4fe3fc0754d08) During import, package exfiltrates browsers data, SSH keys and other credential files, env variables and other sensitive data.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-request-cache-py

Reasons (based on the campaign):

- infostealer

- exfiltration-env-variables

- exfiltration-ssh-keys

- impersonation

- A Telegram webhook is used to send collected data.

- exfiltration-browser-data

- The package contains code to detect if it is running in a sandbox environment.

- exfiltration-credentials

- The malicious code is intentionally included in a dependency of the package

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / request-cache-py

No fixed version published yet for request-cache-py (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/request-cache-py [WEB]